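#!/bin/sh
# Host firewall for a two-NIC HA/MySQL node.
#
# Restricts INPUT to loopback, conntrack-established traffic, SSH, MySQL, ICMP
# and VRRP/multicast on the primary interface, rejects unsolicited UDP on the
# secondary interface, then sets the INPUT policy to DROP. FORWARD and OUTPUT
# are not touched and keep whatever policy the kernel already has.
#
# Interface names may be overridden from the environment; the defaults are the
# names this script was originally written for:
#   PRIMARY_IF   - serves SSH, MySQL, ICMP and HA traffic   (default: em1)
#   SECONDARY_IF - unsolicited UDP is rejected here          (default: em2)
#
# Must run as root. Every iptables command is checked (set -e), so a failing
# rule aborts the script *before* the DROP policy is applied instead of
# silently locking the host out with a half-built chain.

set -e

IPT=/sbin/iptables
PRIMARY_IF=${PRIMARY_IF:-em1}
SECONDARY_IF=${SECONDARY_IF:-em2}
readonly IPT PRIMARY_IF SECONDARY_IF

# Print a diagnostic to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Write value $2 into the sysctl file $1.
# Skips silently when the kernel does not expose that knob (the original only
# guarded tcp_ecn this way; tcp_syncookies now gets the same treatment).
sysctl_set() {
  if [ -e "$1" ]; then
    printf '%s\n' "$2" > "$1" || die "cannot write $1"
  fi
}

# Try to load a kernel module under each of the given names, stopping at the
# first that succeeds. Lets one script serve kernels that use the current
# nf_* names and older ones that still use ip_*. Best-effort: the module may
# be built in or already loaded, so failure only warns.
load_module() {
  for _mod in "$@"; do
    if /sbin/modprobe "$_mod" 2>/dev/null; then
      return 0
    fi
  done
  printf 'warning: could not load any of: %s (built-in?)\n' "$*" >&2
  return 0
}

printf '%s\n' "starting forward..."

sysctl_set /proc/sys/net/ipv4/tcp_ecn 0
sysctl_set /proc/sys/net/ipv4/tcp_syncookies 1

# Open the INPUT policy *before* flushing. If this script is re-run over SSH
# while the policy is already DROP, flushing first would remove the
# ESTABLISHED rule and kill the very session that is running it.
"$IPT" -P INPUT ACCEPT
"$IPT" -F
"$IPT" -F -t nat

/sbin/depmod -a || true   # best-effort; the module index is usually current
load_module ip_tables
load_module nf_conntrack ip_conntrack
load_module nf_nat_ftp ip_nat_ftp
load_module nf_conntrack_ftp ip_conntrack_ftp

"$IPT" -A INPUT -i lo -j ACCEPT
# NOTE(review): UNTRACKED matches packets that a raw-table NOTRACK rule has
# exempted from conntrack. The raw table is not flushed here, so any such
# rule left behind bypasses every filter below; drop UNTRACKED from the list
# if no NOTRACK rules are intended on this host.
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED,UNTRACKED -j ACCEPT
"$IPT" -A INPUT -i "$SECONDARY_IF" -p udp -j REJECT --reject-with icmp-port-unreachable

#sshd
"$IPT" -A INPUT -i "$PRIMARY_IF" -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

#ping
# NOTE(review): this accepts every ICMP type, not only echo-request; add
# `--icmp-type echo-request` if ping is all that should be reachable.
"$IPT" -A INPUT -p icmp -i "$PRIMARY_IF" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#mysql
# NOTE(review): reachable from any source on the interface. Restrict with
# `-s <TRUSTED_NET_PLACEHOLDER>` unless unrestricted reachability is intended.
"$IPT" -A INPUT -i "$PRIMARY_IF" -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

#HA
# Multicast (VRRP advertisements use 224.0.0.18) and IP protocol 112 (VRRP).
# -I places the multicast rule at the head of the chain, ahead of the UDP
# reject above; with the current rule set -A would decide identically, since
# no earlier rule matches multicast arriving on the primary interface.
"$IPT" -I INPUT -i "$PRIMARY_IF" -d 224.0.0.0/8 -j ACCEPT
"$IPT" -A INPUT -i "$PRIMARY_IF" -p 112 -j ACCEPT

# Default-deny goes last: with set -e this line is only reached once every
# ACCEPT rule above has been installed successfully.
"$IPT" -P INPUT DROP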
